Docker making image
Posted by TomNomNom on Tue, 14 Jan 2020 04:12:17 +0100
Structure of this chapter
- Layer of Docker image
- Basic creation method of Dockerfile
- Dockerfile creating various application containers
Layer of Docker image
Each instruction in the Dockerfile creates a new image layer
The image layer will be cached and reused
When the Dockerfile instruction is modified, the copied file changes, or the specified variables are different when building the image, the corresponding image cache will be invalid
When a layer's mirror cache fails, its mirror cache will fail
The image layer is immutable. If you add a file in one layer and then delete it in the next layer, the image still contains the file
Creating Docker image
Docker mirror image
- Is the standard format for application Publishing
- Can support the operation of a Docker container
How to create Docker image
- Create based on existing image
- Create based on local template
- Create based on Dockerfile
Create based on existing image
Package the programs and running environment in the container to generate a new image
docker create -it centos /bin/bash
docker commit -m "new" -a "daoke" a19597abf62d daoke:centos
- -m: Description information
- -a: Author information
- -p: Stop container from running during build
Create based on local template
Generate a new image by importing the operating system template file
Import as local image using wget command
wget http://123.56.134.27/pub/package/LAMP-C7/nginx-1.12.0.tar.gz
cat nginx-1.12.0.tar.gz | docker import - docker: new
After importing successfully, you can view the local image information
docker images | grep new
Create based on Dockerfile
Dockerfile is a file composed of a set of instructions
Four results of Dockerfile
- Basic impact information
- Maintainer information
- Mirror operation instruction
- Execute command when container starts
Create image using Dockerfile and run it in container
| instructions |
Meaning |
| FROM mirror image |
Specifies the image on which the new image is based. The first instruction must be the FROM instruction. Every image created requires the FFROM instruction. |
| MAINTAINER name |
Explain the maintainer information of the new image |
| RUN command |
Executes commands on the mirror on which they are based and commits them to a new mirror |
| CMD ["program to run", "parameter 1," parameter 2 "] |
The command or script to run when the command starts the container. The Dockerfile can only have one CMD command. If multiple commands are specified, only the last f can be executed |
| Exit port number |
Specify the port to open when the new image is loaded into Docker |
| ENV environment variable value |
Setting the value of an environment variable will be used by the following RUN |
| ADD source file / directory target file / directory |
Copy the source file to the target file. The source file should be in the same directory as the Dockerfile, or the f URL |
| COPY source file / directory target file / directory |
Copy the files / directories on the local host to the destination, and the source files / directories should be in the same directory as DGckerfile |
| VOLUME [directory] |
Create a mount point in the container |
| USER user name / UID |
Specify the user when the container runs |
| WORKDIR path |
Specify working directory for subsequent RUN, CMD, ENTRYPOINT |
| ONBUILD command |
Specifies the command to run when the generated image is used as a base image |
| HEALTHCHECK |
Health examination |
Dockerfile creating various application containers
Dockerfile creating apache image container
mkdir apache
cd apache/
vim Dockerfile
#Base image based on
FROM centos
#Maintain the user information of the image
MAINTAINER The project <cloude-docker>
#Install apache Software with mirror operation instruction
RUN yum -y update //Update yum warehouse
RUN yum -y install httpd
#Open port 80
EXPOSE 80
#Copy home page file
ADD index.html /var/www/html/index.html
#Copy execution script to image
ADD run.sh /run.sh
RUN chmod 755 /run.sh
#Execute script when starting container
CMD ["/run.sh"]
[root@localhost opt]# vim run.sh
#!/bin/bash
rm -rf /run/httpd/*
exec /usr/sbin/apachectl -D FOREGROUND
echo "this is web" index.html
//Generating mirrors
docker build -t httpd:centos .
//New image run container
docker run -d -p 1216:80 httpd:centos
Dockerfile creating ssh image container
mkdir sshd
cd sshd/
vim Dockerfile
#Base image based on
FROM centos
#Maintain the user information of the image
MAINTAINER this is project <lzp-sshd>
#Reload yum source
RUN yum -y update
#Install necessary packages
RUN yum -y install openssh* net-tools lsof telnet passwd
#Set password for root
RUN echo '123456' | passwd --stdin root
#Modify profile
RUN sed -i 's/UsePAM yes/UsePAM no/g' /etc/ssh/sshd_config
#Generate secret key
RUN ssh-keygen -t rsa -f /etc/ssh/sshd_host_rsa_key
RUN sed -i '/^scssion\s\+required\s\+pam_loginuid.so/s/^/#/' /etc/pam.d/sshd
RUN mkdir -P /root/.ssh && chown root.root /root && chmod 700 /root/.ssh
#Open 20 ports
EXPOSE 22
#Starting container
CMD ["/usr/sbin/sshd","-D"]
//Generating mirrors
docker build -t sshd:new .
//Start the container and change the root password
docker run -d -P sshd:new
ssh localhost -p 32770
Dockerfile creates systemctl image container based on sshd image container
mkdir systemctl
cd systemctl
vim Dockerfile
#Base image based on
FROM sshd:new
ENV container docker
RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
systemd-tmpfile-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*; \
rm -f /etc/systemd/system/*.wants/*; \
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*; \
rm -f /lib/systemd/system/anaconda.target.wants/*;
VOLUME [ "/sys/fs/cgroup" ]
CMD ["/usr/sbin/init"]
//Generating mirrors
docker build -t local/c7-systemd:latest .
//Root in the privileged container has real root privileges. No responsibility, the root in the container is only a common external user right
docker run --privileged -ti -v /sys/fs/cgroup:sys/fs/cgroup:ro local/c7-systemd:latest /sbin/init
//Container entry
docker exec -it image IP bash
Topics:
Linux
Docker
ssh
CentOS
yum